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REMARKS 

Claims 107-147 and 165-181 are pending in the application. 
Claims 107-147 and 165-181 have been rejected. 

Claims 109, 133 and 167 have been amended. These amendments are included as 
response to the Objections stated in the Office Action and are not presented in response 
to rejections raised by cited art, unless specifically referenced in the discussion below. 
Applicant further submits that these amendments are presented merely for clarification 
and do not narrow the scope of the claims. 

Rejection of Claims Under 35 U.S.C. $112 

Claims 107, 131, 148, 125, 145, 165 and 179 and the intervening claims stand 
rejected imder 35 U.S.C. § 112, first paragraph, as failing to comply with the written 
description requirement. Applicants respectfiiUy traverse this rejection. 

Claims 107, 131 and 148: The Office Action suggests that the limitations of 
independent Claims 107, 131 and 148, as previously amended, do not have support in the 
written description of the original apphcation as filed. Applicants respectfiiUy disagree 
and submit that each and every limitation of these claims does indeed have support in the 
original specification of the Application. 

The limitations of these claims, as represented by the limitation of Claim 107, are 
presented below along with examples of supporting description in the original 
application. 

1. Providing A Plurality of Sockets. The original Application 
discloses that "a list of currently open sockets maintained by relay 
program 210 is searched in an effort to locate an open socket 
having a matching password." Application, p. 12: 1-3. This list of 
sockets corresponds to the claimed plurality of sockets. The 
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Application provides broad scope so that it is not limited to sockets 
as programmatic constructs associated with connections. See 
Application, p. 11:24-27 ("While the networking concept of a 
socket is employed in describing relay program 210, it will be 
apparent to one of skill in the art that the network connections 
referred to herein will be cast in terms of other programmatic 
constructs, and in fact, the appropriate construct will depend on the 
protocol being supported by the given embodiment of the present 
invention."). 

Each Socket has an Associated Connection. The Application 
discloses that "[t]he exemplary process of Fig. 4 begins with the 
creation of a socket (step 400) for use by an in-bound connection." 
Application, p. 11:22-24. Further, the AppHcation states that 
network connections are cast in terms of programmatic constructs 
such as sockets. See Application, p. 11:24-27. The Application 
further discloses that "[u]pon the receipt of an in-bound connection 
requisition, (step 410), a list of currently open sockets maintained 
by relay program 210 is searched in an effort to locate an open 
socket having a matching password (step 420)." Application, p. 
12:1-3. The AppHcation further states that "[i]t will be noted that 
the process illustrated in Fig. 4 is one that uses passwords for each 
connection in order to provide enhanced security. Although 
passwords need not be employed, some method of determining 
which in-bound connections are to be coupled to other in-boimd 
connections should be supported by relay program 210." 
Application, p. 12:3-7 (emphasis added). These statements 
establish that each socket in the list of open sockets maintained by 
the relay program has an associated connection. This association 
of sockets with connections is reinforced by the Application's 
statement that "if the password of the attempted connection 
matches one or more of the currently open sockets, the endpoints 
are connected by relay program 210 (step 480). Once connected, 
relay program 210 relays data fi-om one endpoint to the other 
endpoint.... This relaying of data continues until one (or both) of 
the connections either fails or is discoimected . . . ." See 
AppHcation, p. 12:20-25 (emphasis added). 

Each Socket has.... an Associated Security Token. The 

AppHcation describes that each open socket "maintained by relay 
program 210 is searched in an effort to locate an open socket 
having a matching password (step 420)." AppHcation, p. 12:2-3 
(emphasis added). The Application further discloses that it is not 
limited to the use of passwords and that other security tokens may 
be used. See AppHcation, p. 12:5-7 ("although passwords need not 
be employed, some method of determining which end-bound 
connections are to be coupled to other in-bound connections 
should be supported by relay program 210."). 
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4. The Associated Security Token is Provided by the Associated 
Connection. The Application discloses that "[u]pon the receipt of 
an in-bound connection requisition (step 410), a list of currently 
open sockets maintained by relay program 210 is searched in an 
effort to locate an open socket having a matching password (step 
420). It will be noted that the process illustrated in Fig. 4 is one 
that uses passwords for each connection in order to provide 
enhanced security." Application, p. 12: 1-5 (emphasis added). The 
Application further describes other types of security tokens that are 
associated with connections such as network addresses and 
verification strings. See Application, p. 12:7-11. The Application 
further describes the password as being provided (Application, 
p. 12: 12) and refers to the password as "the password of the 
attempted connection" (Application, p. 12:20). While this latter 
disclosure refers to the attempted connection, the Application also 
describes how the open socket list can be built by including 
unmatched attempted connections in the list of open sockets as a 
listening connection. See Application, p. 12:17-1 9 ("If the 
attempted connection is to be configured as a listening connection, 
the attempted connection is put on the list of currently opened 
sockets (step 470)."). 

5. Receiving A First Connection and A First Security Token. The 

Application describes that "[u]pon the receipt of an in-boimd 
connection requisition (step 410), a list of currently open sockets 
maintained by relay program 210 is searched in an effort to locate 
an open socket having a matching password (step 420). It will be 
noted that the process illustrated in Fig. 4 is one that uses 
passwords for each connection in order to provide enhanced 
security." Application, p. 12:1-5 (emphasis added). This statement 
estabUshes that an incoming connection has an associated 
password, or security token, that is compared to passwords 
associated with currently open sockets. The Application also 
describes the password as "the password of the attempted 
connection" (Application, p. 12:20) and that the password is 
provided (AppHcation, p. 12:12). 

6. Creating A Socket Associated with the First Connection. The 

Application discloses that "[t]he exemplary process of Fig. 4 
begins with the creation of a socket (step 400) for use by an in- 
bound connection." Application, p. 1 1:22-24. 

7. Wherein the First Connection has Associated the First Security 
Token. Applicants refer the Examiner to the support found in the 
Specification for "receiving a first connection and a first security 
token" discussed above. The sections of the Application 
referenced therein provides support for the present claim limitation 
as well. 
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8. Comparing the First Security Token with the Associated 
Security Tokens. The Application discloses that "a Ust of 
currently open sockets maintained by relay program 210 is 
searched in an effort to locate an open socket having a matching 
password (step 420)." AppHcation, p.l2:l-3. The Application 
further discloses that "[ajlthough passwords need not be employed, 
some method of determining which in-bound connections are to be 
coupled to other in-bound connections should be supported by 
relay program 210." Application, p. 12:5-7. These statements 
establish that a security token (e.g., a password) associated with an 
inbound connection is compared to security tokens associated with 
open sockets. 

9. If None of the Associated Security Tokens Match the First 
Security Token, Including the Socket in the Plurality of 
Sockets. As stated above, the relay program performs a search in 
which a password associated with an in-bound coimection is 
compared with passwords of open sockets associated with other 
in-bound connections. "If the password provided does not match 
any of the current open sockets (step 430), relay program 210 
makes the determination as to whether the attempted connection 
should be configured as a listening connection (step 440)." 
Application, p. 12: 12-14. "If the attempted connection is to be 
configured as a listening connection, the attempted connection is 
put on the list of currently open sockets (step 470)." Application, 
p. 12:17-19. The Application further discloses that an attempted 
connection is associated with its own socket. See Application, 
p. 11:22-24 ("the exemplary process of Fig, 4 begins with the 
creation of a socket (step 400) for use by an in-bound 
connection."). Thus, the socket associated with the in-bound 
connection is disclosed to be included with the plurality of open 
sockets. 

Applicants respectfully submit that the above enumerated list establishes that the 
limitations of independent Claims 107, 131 and 148 all find support within the original 
Application filed. The Office Action suggests "at the time the invention was made. 
Application was not concerned of having the invention implemented in a networking 
concept of socket as disclosed in the claims." Office Action, p. 4. The above-described 
relationships between the Application disclosure and the pending claims show that the 
Apphcants did indeed have possession of the pending claimed limitations. The Office 
Action fails to present any rationale for why the clear wording of the Application does 
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not support the clear wording of the pending claims, as shown above. Therefore, 
Applicants respectfully request the Examiner's reconsideration and withdrawal of the 
rejections of independent Claims 107, 131 and 148 under 35 U.S.C. §112. 

Claims 125. 145, 165, and 179: Dependent Claims 125, 145, 165, and 179 all 
contain limitations that are similar to those described above. These limitations also find 
support within the patent Specification section as mentioned above. 

1. The Relay Program Compares the First Security Token with 
One or More Security Tokens Associated with One or More 
Corresponding Connections. The Application discloses "[u]pon 
the receipt of an in-boimd connection requisition (step 410), a list 
of currently open sockets maintained by relay program 210 is 
searched in an effort to locate an open socket having a matching 
password (step 420). It will be noted that that process illustrated in 
Fig. 4 is one that uses passwords for each connection in order to 
provide enhanced security. Although passwords need not be 
employed, some method of determining which in-bound 
connections are to be coupled to other in-boimd connections 
should be supported by relay program 210." Application, p. 12: 1-7. 
This passage establishes that the Application discloses comparing a 
first security token (e.g., a password) with one or more security 
tokens associated with one or more corresponding connections. 

2. If the First Security Token and A Security Token Associated 
with A Corresponding Connection Match, Coupling the 
Second Connection to the Connection Associated with A 
Corresponding Connection Match, Coupling the Second 
Connection to the Connection Associated with the Matching 
Security Token. The Application discloses that "if the password 
of the attempted connection matches one or more of the currently 
open sockets, the endpoints are connected by relay program 210 
(step 480). Once connected, relay program 210 relays data from 
one endpoint to the other endpoint (i.e., programs 135 and 140 of 
Fig. 2) (step 490)." Application, p. 12:20-23. This passage of the 
Application discloses the coupling (or connecting) of the attempted 
connection with a connected associated with a socket having a 
matching password. 

3. If None of the Associated Security Tokens Match the First 
Security Token, Including the Second Connection with Said 
One or More Corresponding Connections. The Application 
discloses that when "the password provided does not match any of 
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the current open sockets (step 430), relay program 210 makes the 
determination as to whether the attempted connection should be 
configured as a listening connection (step 440). . . .if the attempted 
connection is to be configured as a hstening connection, the 
attempted connection is put on the list of currently open sockets 
(step 470)." Application, p.l2:12-19. It has already been 
established that the Application relates sockets with in-bound 
coimections to the relay program. See Application, pp. 11:22-28, 
12:1-7, 12:20-25 (each describing the relationship of sockets with 
connections). 

Applicants respectfiilly submit that the above comparison of the claim language with the 
disclosure of the original Application establishes that the Apphcants had in their 
possession the invention that is claimed in the pending claims. Applicants therefore 
respectfully request that the Examiner reconsider and withdraw the rejections to these 
claims under 35 U.S.C. §112. 

Rejection of Claims Under 35 U,S,C. §102 

Claims 107-127 and 131-148 stand rejected under 35 U.S.C. § 102(e) as being 
anticipated by U. S. Patent 5,941,988 issued to Bhagwat et al ("Bhagwat"). Apphcants 
respectfully traverse this rejection. 

Independent Claims 107, 131 and 164; Applicants respectfully submit that 
Bhagwat does not disclose all of the pending limitations of independent Claims 107, 131 
and 164 alone or in combination with the cited "extrinsic evidence" of the SOCKS 
protocol version 5, cited by the Office Action. In addition to the discussion previously 
presented in response to prior Office Actions, which is incorporated herein by reference. 
Applicants present the following discussion. 

The Office Action suggests that Bhagwat "discloses creating a socket associated 

with the first connection (column 7, lines 13-26) and an authentication test that meets the 

recitation of comparing the first security token with the associated security tokens 
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(column 7, lines 13-26)." Office Action, p.7. The Office Action fiirther states that "[i]t is 
inherent that the SOCKS protocol version 5 establishes connection by using strong 
authentication including user name/password authentication to determine validity of the 
connection request by comparing." Id, Applicants respectfiiUy submit that the cited 
section of Bhagwat fails to disclose the claim limitation of "comparing the first security 
token with the associated security tokens'* suggested by the Office Action. 

The cited section of Bhagwat relates, in part, to a first connection to a proxy 
server exchanging authentication to establish a connection between a client and the proxy 
server at a socket. See Bhagwat 7:17-24 ("When the acknowledgement for SYN & ACK 
arrives fi'om the client, the connection between the client and the proxy is established at 
state 53. Over the newly established connection, using SOCKS version 4 or 5 protocol, 
the client and the proxy exchange authentication information . If the client fails the 
authentication test, socked A returns to LISTEN state 51, resetting the connection 
between the client and the proxy. ")(emphasis added). At no point in the cited disclosure 
is there a description of comparing a first security token with associated other security 
tokens, wherein those associated security tokens are associated with other sockets , as 
claimed. In fact, Bhagwat teaches away fi'om this by disclosing that the proxy can be 
directed to either initialize a second connection to an address specified in a SOCKS 
connect message (Bhagwat 7:28-31) or to request the proxy to start accepting connections 
from a remote server in response to a SOCKS bind message (Bhagwat 7:3 1-33). "In both 
cases, the proxy opens a new socket, B, and, using TCP's standard three-way handshake 
protocol, establishes a new connection between the proxy and the remote server." 
Bhagwat 7:33-36. Further, "[i]n the case of a SOCKS bind message, socket A remains in 
the ESTABLISHED state and socket B at the proxy is in the LISTEN state, as indicated 
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by State 56." Bhagwat 7:39-42. Any subsequent authentication that may occur at the 
disclosed socket B is between a connection from the remote server to socket B at the 
proxy, and not a comparison of a security token associated with a socket (e.g., socket B) 
to security tokens associated with other sockets (e.g., socket A). This is because there is 
already an association that is made between socket A and socket B at the time of 
establishing socket A, as disclosed by Bhagwat. No authentication need pass between 
sockets A and B in Bhagwat. 

Applicants further submit that Bhagwat fails to provide disclosure of the claim 
limitation "in response to said comparing, if none of the associated security tokens match 
the first security token, including the socket in the plurality of sockets." As an initial 
matter, since Bhagwat fails to provide disclosure of the comparison between the first 
security token and associated security tokens, Bhagwat cannot perform an act in response 
to said comparison. In addition, the only disclosure that Bhagwat provides for failure to 
authenticate the element suggested by the Office Action to correspond to the claimed 
security tokens is to reset the disclosed connection between the disclosed client and the 
disclosed proxy. See Bhagwat 7:22-24 ("If the client fails the authentication test, socket 
A retums to LISTEN state 51, resetting the connection between the client and the 
proxy."). Thus, Bhagwat fails to provide inclusion of the socket associated with the first 
connection with the pluraHty of sockets if authentication fails, as claimed. 

For at least these reasons. Applicants respectfully submit that Bhagwat fails to 
provide disclosure of independent Claims 107, 131, and 165 even in the Ught of the 
referenced SOCKS protocol documents. Applicants therefore respectfully submit that 
independent Claims 107, 131 and 167, and all claims dependent therefi-om, are in 
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condition for allowance and Applicant respectfully requests the Examiner to reconsider 
and withdraw the rejection to those claims under 35 U.S.C. §102. 

Dependent Claims 125, 145 and 179: For reasons the same as those discussed 
above, Applicants also respectfully submit that dependent Claims 125, 145 and 179 are 
not disclosed by Bhagwat and therefore these clams, and any claims dependent 
therefrom, are in condition for allowance. Applicants therefore respectfully requests the 
Examiner's reconsideration and withdrawal of the rejections to these claims under 35 
U.S.C §102. 

Independent Claims 120, 140 and 174: Independent Claims 120, 140, and 174 
contain the following limitations: 

• Creating a first connection to a first program; 

• Receiving a first security token from that first program; 

• Creating a second connection to a relay program; 

• Providing the security token received from the first program to the 
relay program; and, 

• Coupling the first connection to the second connection upon 
successful creating of the second connection. 

See^ e.g.. Claim 120. The cited sections of Bhagwat do not contain disclosure of these 
limitations. 

Bhagwat 3:63-4:8 discloses point-to-point TCP connections from a network 

address to a port. Bhagwat 5:5-40 discloses a scenario where a telnet client 11 opens a 

connection to a firewall proxy 12 and then the firewall proxy initiations a connection with 

a telnet server 13. Neither cited section provides disclosure where, following the 

terminology set forth in the cited section of Bhagwat, there is a creating of a first 
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connection to a first program (e.g., by Bhagwat's firewall proxy to Bhagwat*s telnet 
client), then receiving a security token fi-om the first program, creating a connection to a 
relay program (e.g., Bhagwat's Telnet server 13), and providing the secxuity token to the 
relay program. Similarly, Bhagwat 7:26-44 does not disclose a method with the 
limitations of the above-referenced claims, providing only a reiteration of the above 
disclosure with additional detail. Since Bhagwat does not contain these limitations, it 
cannot anticipate these independent claims nor any claims which depend upon these 
independent claims (i.e.. Claims 121-130, 141-147 and 175-181). Applicants therefore 
respectfully submit that these claims are in condition for allowance and respectfiilly 
request the Examiner's reconsideration and withdrawal of the rejection as to these claims 
under 35 U.S.C. §102. 

For at least the reasons stated above. Applicants respectfully submit that the 
discussed claims, and all dependent upon them, are allowable over Bhagwat and are not 
anticipated under 35 U.S.C. §102. 

Rejection of Claims Under 35 UXC ^J03 

Claims 128-130 stand rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Bhagwat in view of U. S. patent 6,104,716 issued to Chrichton et al ("Chrichton"). 
Applicants respectfully traverse this rejection. 

In order for a claim to be rendered invahd under 35 U.S.C. § 103, the subject 
matter of the claim as a whole would have to be obvious to a person of ordinary skill in 
the art at the time the invention was made. See 35 U.S.C. § 103(a). This requires: (1) the 
reference(s) must teach or suggest all of the claim limitations; (2) there must be some 
teaching, suggestion or motivation to combine references either in the references 
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themselves or in the knowledge of the art; and (3) there must be a reasonable expectation 
of success. SeeMPEP2U3;MPEP 2143.03; In re Rouffet, 149F.3d 1350, 1355-56 
(Fed. Cir. 1998). 

For the reasons expressed in the section regarding 35 U.S.C. § 102, Bhagwat does 
not contain all the limitations of independent Claim 120 upon which Claims 128-130 are 
based. Further, the Office Action makes no argument that Crichton discloses the missing 
limitations of the independent claim. 

For at least these reasons, and those expressed in previous responses, neither 
Bhagwat nor Crichton, alone or in combination, teach all of the limitations of dependent 
Claims 128-130. The burden is on the Examiner to support a case of obviousness, 
including whether the prior art references teach or suggest all of the claim limitations. 
SeeMPEP 706.020). 

Applicants also respectfully submit that a person of ordinary skill in the art would 
not be motivated to combine Crichton with Bhagwat based upon the teachings of the 
references themselves or the knowledge of the art. Crichton and Bhagwat each describe 
methods of setting up proxy connections: Crichton through the disclosed Lightweight 
Secure Tunneling Protocol and Bhagwat through the disclosed TCP glue. The 
disclosures of the references do not indicate that these methods are compatible, nor does 
the Office Action make such an argument. Such teachings may be considered cimiulative 
to a person of ordinary skill in the art. Cumulative teachings argue against a finding that 
references may be combined for obviousness. 

For these reasons. Applicants respectfully submit that the Office Action fails to 
present a prima facia case of obviousness of dependent Claims 128-130, and all claims 
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dependent upon them, and that they are in condition for allowance. Applicants therefore 
request the Examiner's reconsideration of the rejections to those claims. 

CONCLUSION 

Li view of the amendments and remarks set forth herein, the application and the 
claims therein are believed to be in condition for allowance without any further 
examination and a notice to that effect is solicited. Nonetheless, should any issues 
remain that might be subject to resolution through a telephonic interview, the Examiner is 
invited to telephone the undersigned at 512-439-5090. 



I hereby certify that this correspondence is being deposited with 
the United States Postal Service as First Class Mail in an envelope 
addressed to: Mail Stop Amendment, COMMISSIONER FOR 
PATENTS, P. O. Box 1450, Alexandria, VA 22313-1450, on 
April 7, 2006. 
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